1 / 27

Cloud Computing Security

Cloud Computing Security. Reading. Reading: NIST, The NIST Definition of Cloud Computing, csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf, 2011

quito
Télécharger la présentation

Cloud Computing Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Cloud Computing Security Computer Science and Engineering

  2. Reading Reading: • NIST, The NIST Definition of Cloud Computing, csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf, 2011 • R. Sandhu, et al., Towards a discipline of mission-aware cloud computing, CCSW’10 in Proc. of the 2010 Cloud Computing Workshop, 13-18, 2010., http://dl.acm.org/citation.cfm?id=1866835.1866839&coll=DL&dl=ACM&CFID=131355972&CFTOKEN=22051019 Computer Science and Engineering

  3. What is cloud computing? Computer Science and Engineering

  4. The NIST Definition • Computing paradigm to support ubiquitous, convenient, and on-demand network access to a shared pool of computing resources • Access characteristics: can be rapidly provisioned and released with minimal management effort or service provider’s interaction • Description: • Essential characteristics • Service model • Deployment model Computer Science and Engineering

  5. Essential Characteristics • On-demand self-service • Broad network access • Resource pooling • Rapid elasticity • Measured service Computer Science and Engineering

  6. Service Models • Software as a Service (SaaS) • Platform as a Service (PaaS) • Infrastructure as a Service (IaaS) Computer Science and Engineering

  7. Deployment Models • Private cloud • Community cloud • Public cloud • Hybrid cloud Computer Science and Engineering

  8. Cloud concerns • The cloud acts as a big black box -> Clients have no idea or control over what happens inside a cloud • Loss of control • Cloud provider, system admins • Lack of trust • How to support traditional data confidentiality, integrity, availability, and privacy issues, plus some additional attacks • Extra work Computer Science and Engineering

  9. Security Objectives • Confidentiality • Fear of loss of control over data • sensitive data stored on a cloud • cloud compromises  leak confidential client data • Is the cloud provider honest and won’t peek into the data? Computer Science and Engineering

  10. Security Objectives • Integrity • Correct computations • Data tampering • Availability • Denial of Service attack against cloud • Cloud provider goes out of business • Scalability • Cloud provider’s downtime Computer Science and Engineering

  11. Regulations and Legal requirements • Auditability and forensics (out of control of data) • Difficult to audit cloud data • Difficult forensics • Legal issues • Who is responsible for complying with regulations? • How about third party clouds? Computer Science and Engineering

  12. Privacy Issues • Massive data mining • Cloud now stores data from a lot of clients, and can run data mining algorithms to get large amounts of information on clients • Increasedattack surface • Attackers target the communication link between cloud provider and client • Cloud provider employees can be phished Computer Science and Engineering

  13. What are the Security concerns regarding Cloud computing? Computer Science and Engineering

  14. Why do we need cloud security? • Players: • Cloud provider • Service consumer • Concerns: • Availability • Security • Cloud Security Alliance, https://cloudsecurityalliance.org/ Computer Science and Engineering

  15. Critical Security Areas in Cloud Computing (CSA) • Governing in the Cloud • Governance and Enterprise Risk Management • Legal and Electronic Discovery • Compliance and Audit • Information Lifecycle Management • Portability and Interoperability • Operating in the Cloud • Traditional Security, Business Continuity, and Disaster Recovery • Data Center Operations • Incident Response, Notification, and Remediation • Application Security • Encryption and Key Management • Identity and Access Management • Virtualization Computer Science and Engineering

  16. Top 10 Customer Issues Eroding Cloud Confidence (from CSA) • Government regulations keeping pace with the market (1.80) • Exit strategies (1.88) • International data privacy (1.90) • Legal issues (2.15) • Contract lock in (2.18) • Data ownership and custodian responsibilities (2.18) • Longevity of suppliers (2.20) • Integration of cloud with internal systems (2.23) • Credibility of suppliers (2.30) • Testing and assurance (2.30) Computer Science and Engineering

  17. Will the cloud stay? Computer Science and Engineering

  18. Cloud and Security • Security difficulties in the cloud • Cloud as a security service provider Computer Science and Engineering

  19. What is Security? • 1960s: Computer security (CompuSec) and Communication security (CommSec) • 1970s: encryption technologies • 1990s: Information security (InfoSec) • 2000s: Information Assurance, Information Warfare • 2008-9: Information Dominance • 2010s: Mission Assurance Computer Science and Engineering

  20. Mission Assurance • Getting the job done • Security is a secondary objective • Always present malicious entity in a cyber system • DoD Mission assurance specification Computer Science and Engineering

  21. What is a Mission aware cloud? Computer Science and Engineering

  22. Mission-aware cloud Research problems 1. • “Develop a heterogeneous experimental cloud computing infrastructure (denoted as the cloud henceforth) spanning multiple locations, security and assurance levels.” • “Experimentally explore, develop, and implement extensive instrumentation to monitor, measure and gather statistical data regarding activities in the cloud.” Computer Science and Engineering

  23. Mission-aware cloud Research problems 2. • “Analyze gathered data to estimate underlying network performance and threat vulnerability using regression, analysis of variance, and other generalized linear statistical models.” • “Develop new protocols that cope with denial of service (DoS) and insider attacks and ensure predictable delivery of mission critical data.” • “Develop new or enhance existing virtual machines (VMs) that enable efficient implementation of access control and trust policies to facilitate mission assurance.” Computer Science and Engineering

  24. Mission-aware cloud Research problems 3. • “Develop models, methodologies and architectures for decentralized dynamic management of security and assurance policies.” • “Design automated systems that analyze the tradeoffs between security and availability versus performance and scalability and take corrective action before threats or bottlenecks compromise mission assurance.” Computer Science and Engineering

  25. Policy Decisions • Pete and Ann shares resources • Need agreement on security policy • Pete • Ann • Cloud provider Ann Pete Computer Science and Engineering

  26. What will be the “new” technology/capability for 2010s? Computer Science and Engineering

  27. Next Class: Mobile Security Computer Science and Engineering

More Related